Privacy & HIPPAA Policy
Privacy Policy
The following policy outlines how Treasure Valley Children’s Clinic collects and uses information about visitors to this website, and by using this website you acknowledge that you consent to these practices.
This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect, or otherwise handle your Personally Identifiable Information in accordance with our website. This policy is updated from time to time. The latest version will always be published on this page.
If you have any questions about this policy, please contact us using the information at the end of this document.
What data we gather
When you visit our site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
- Other information relevant to customer surveys and/or offers
We may leverage Google Analytics, or other 3rd party tracking solutions to gather and analyze data related to how visitors find and access our site. This information is used only to manage and improve our site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout
When filling out a form on our site, you may be asked to enter your name, email address, or other details to help you with your experience. We use the information we collect from you when you sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features to help us follow up with you after correspondence (ex: email or phone inquiries).
Cookies and how we use them
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.
Cookies allow websites and applications to store your preferences in order to present content, options, or functions that are specific to you. They also may allow site administrators to see information like how many people use the website and what pages they tend to visit.
We may use cookies to:
- Analyze our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content, and functions as described above.
- Identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site.
- Test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content.
- Store information about your preferences. The website can then present you with the information you will find more relevant and interesting.
- To recognize when you return to our website. We may show your relevant content or provide the functionality you used previously.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
Controlling Cookies
You can use your web browser’s cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies. However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.
Unless you have changed your browser to refuse cookies, our website may issue cookies when you visit it.
If you choose to communicate with us through this website, we may collect personally identifiable information. This could include name, email address, physical address, phone number, etc. We may collect such information to help facilitate communications with you. We will use this information for our own internal records and contact you in response to a specific inquiry.
If you are a European resident, you have the right to access the personal information we hold about you and to ask that your personal information is corrected, updated, or deleted. If you would like to exercise this right, please contact us using the contact information at the end of this document
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.
California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA, we agree to the following:
- Users can visit our site anonymously.
- Once this privacy policy is created, we will add a link to it on our homepage or at a minimum, on the first significant page after entering our website.
- Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.
You will be notified of any Privacy Policy changes:
- On our Privacy Policy Page
- By emailing us
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
Do we let third-parties, including ad networks or plug-ins, collect PII from children under 13?
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email within 1 business day.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to send information, respond to inquiries, and/or other requests or questions
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Security
We will always hold your information securely. We have implemented strong physical and electronic security safeguards to prevent unauthorized disclosure or access to any information collected through our website.
Links from our Website
Our website may contain links to other websites. Please note that we have no control of websites outside of our domain. If you provide information to a website to which we link, we are not responsible for its protection or privacy.
Contacting Us
If there are any questions regarding this privacy policy, please contact us.
HIPAA Omnibus
Notice of Privacy Practices
This Notice of Privacy Practices is NOT an authorization. This Notice of Privacy Practices describes how we, our Business Associates and their subcontractors, may use and disclose your Protected Health Information (PHI) to carry out Treatment, Payment or Health Care Operations (TPO) and for other purposes that are permitted or required by law. It also describes your rights to access and control your Protected Health Information. Please review it carefully.
We reserve the right to change this notice at any time and to make the revised or changed notice effective in the future. A copy of our current notice will always be posted in the waiting area. You may also obtain your own copy by accessing our website at https://tvkidsclinic.com or calling the Privacy Officer at 208-334-6519.
Some examples of Protected Health Information include information about your past, present or future physical or mental health condition, genetic information, or information about your health care benefits under an insurance plan, each when combined with identifying information such as your name, address, social security number or phone number.
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
There are some situations when we do not need your written authorization before using your health information or sharing it with others, including:
Treatment: We may use and disclose your Protected Health Information to provide, coordinate, or manage your health care and any related services. For example, your Protected Health Information may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you.
Payment: Your Protected Health Information may be used, as needed, to obtain payment for your health care services after we have treated you. In some cases, we may share information about you with your health insurance company to determine whether it will cover your treatment.
Healthcare Operations: We may use or disclose, as-needed, your Protected Health Information in order to support the business activities of our practice, for example: quality assessment, employee review, training of medical students, licensing, fundraising, and conducting or arranging for other business activities.
Appointment Reminders and Health-related Benefits and Services: We may use or disclose your Protected Health Information, as necessary, to contact you to remind you of your appointment, and inform you about treatment alternatives or other health-related benefits and services that may be of interest to you. If we use or disclose your Protected Health Information for fundraising activities, we will provide you the choice to opt out of those activities. You may also choose to opt back in.
Friends and Family Involved in Your Care: If you have not voiced an objection, we may share your health information with a family member, relative, or close personal friend who is involved in your care or payment for your care, including following your death.
Business Associate: We may disclose your health information to contractors, agents and other “business associates” who need the information in order to assist us with obtaining payment or carrying out our business operations. For example, a billing company, an accounting firm, or a law firm that provides professional advice to us. Business associates are required by law to abide by the HIPAA regulations.
Proof of Immunization: We may disclose proof of immunization to a school about a student or prospective student of the school, as required by State or other law. Authorization (which may be oral) may be obtained from a parent, guardian, or other person acting in loco parentis, or by the adult or emancipated minor.
Incidental Disclosures: While we will take reasonable steps to safeguard the privacy of your health information, certain disclosures of your health information may occur during or as an unavoidable result of our otherwise permissible uses or disclosures of your health information. For example, during the course of a treatment session, other patients in the treatment area may see, or overhear discussion of, your health information.
Emergencies or Public Need:
We may use or disclose your health information if you need emergency treatment or if we are required by law to treat you.
We may use or disclose your Protected Health Information in the following situations without your authorization: as required by law, public health issues, communicable diseases, abuse, neglect or domestic violence, health oversight, lawsuits and disputes, law enforcement, to avert a serious and imminent threat to health or safety, national security and intelligence activities or protective services, military and veterans, inmates and correctional institutions, workers’ compensation, coroners, medical examiners and funeral directors, organ and tissue donation, and other required uses and disclosures. We may release some health information about you to your employer if you employer hires us to provide you with a physical exam and we discover that you have a work related injury or disease that your employer must know about in order to comply with employment laws. Under the law, we must also disclose your Protected Health Information when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements under Section 164.500.
REQUIREMENT FOR WRITTEN AUTHORIZATION
There are certain situations where we must obtain your written authorization before using your health information or sharing it, including:
Most Uses of Psychotherapy Notes, when appropriate.
Marketing: We may not disclose any of your health information for marketing purposes if our practice will receive direct or indirect financial payment not reasonably related to our practice’s cost of making the communication.
Sale of Protected Health Information: We will not sell your Protected Health Information to third parties.
You may revoke the written authorization, at any time, except when we have already relied upon it. To revoke a written authorization, please write to the Privacy Officer at our practice. You may also initiate the transfer of your records to another person by completing a written authorization form.
PATIENT RIGHTS
Right to Inspect and Copy Records. You have the right to inspect and obtain a copy of your health information, including medical and billing records. To inspect or obtain a copy of your health information, please submit your request in writing to the practice. We may charge a fee for the costs of copying, mailing or other supplies. If you would like an electronic copy of your health information, we will provide one to you as long as we can readily produce such information in the form requested. In some limited circumstances, we may deny the request. Under federal law, you may not inspect or copy the following records: Psychotherapy notes, information compiled in reasonable anticipation of, or used in, a civil, criminal, or administrative action or proceeding, protected health information restricted by law, information related to medical research where you have agreed to participate, information whose disclosure may result in harm or injury to you or to another person, or information that was obtained under a promise of confidentiality.
Right to Amend Records. If you believe that the health information we have about you is incorrect or incomplete, you may request an amendment in writing. If we deny your request, we will provide a written notice that explains our reasons. You will have the right to have certain information related to your request included in your records.
Right to an Accounting of Disclosures. You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Right to Receive Notification of a Breach. You have the right to be notified within sixty (60) days of the discovery of a breach of your unsecured protected health information if there is more than a low probability the information has been compromised.
Right to Request Restrictions. You have the right to request that we further restrict the way we use and disclose your health information to treat your condition, collect payment for that treatment, run our normal business operations or disclose information about you to family or friends involved in your care. Your request must state the specific restrictions requested and to whom you want the restriction to apply. Your physician is not required to agree to your request except if you request that the physician not disclose Protected Health Information to your health plan when you have paid in full out of pocket.
Right to Request Confidential Communications. You have the right to request that we contact you about your medical matters in a more confidential way, such as calling you at work instead of at home. We will not ask you the reason for your request, and we will try to accommodate all reasonable requests.
Right to Have Someone Act on Your Behalf. You have the right to name a personal representative who may act on your behalf to control the privacy of your health information. Parents and guardians will generally have the right to control the privacy of health information about minors unless the minors are permitted by law to act on their own behalf.
Right to Obtain a Copy of Notices. If you are receiving this Notice electronically, you have the right to a paper copy of this Notice.
Right to File a Complaint. If you believe your privacy rights have been violated by us, you may file a complaint with us by calling the Privacy Officer at 208-334-6519 or with the Secretary of the Department of Health and Human Services. We will not withhold treatment or take action against you for filing a complaint.
Use and Disclosures Where Special Protections May Apply. Some kinds of information, such as alcohol and substance abuse treatment, HIV-related, mental health, psychotherapy, and genetic information, are considered so sensitive that state or federal laws provide special protections for them. Therefore, some parts of this general Notice of Privacy Practices may not apply to these types of information. If you have questions or concerns about the ways these types of information may be used or disclosed, please speak with your health care provider.
Treasure Valley Children’s Clinic
2921 S. Meridian Road
Meridian, ID 83642
Phone: 208-297-7847
Fax: 208-203-0097
Health Insurance Portability and Accountability Act of 1996
HIPAA OMNIBUS
NOTICE OF PRIVACY PRACTICES
Effective April 14, 2003
Revised: March 25, 2013
Heidi Graham
PrivacyOffice@dhw.idaho.gov
By signing the Acknowledgement form you are only acknowledging that you received, or have been given the opportunity to receive, a copy of our Notice of Privacy Practices.